Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
28e8502f by Salvatore Bonaccorso at 2025-02-13T21:31:48+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,119 +1,119 @@
CVE-2025-26582 (Cross-Site Request Forgery (CSRF) vulnerability in Blackbam
TinyMCE Ad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26580 (Cross-Site Request Forgery (CSRF) vulnerability in
CompleteWebResource ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26578 (Cross-Site Request Forgery (CSRF) vulnerability in mathieuhays
Simple ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26577 (Cross-Site Request Forgery (CSRF) vulnerability in daxiawp
DX-auto-pub ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26574 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26572 (Cross-Site Request Forgery (CSRF) vulnerability in jesseheap
WP PHPLis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26571 (Cross-Site Request Forgery (CSRF) vulnerability in wibiya
Wibiya Toolb ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26570 (Cross-Site Request Forgery (CSRF) vulnerability in uamv Glance
That al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26569 (Cross-Site Request Forgery (CSRF) vulnerability in
callmeforsox Post T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26568 (Cross-Site Request Forgery (CSRF) vulnerability in jensmueller
Easy Am ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26567 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26562 (Cross-Site Request Forgery (CSRF) vulnerability in Shambhu
Patnaik RSS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26561 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26558 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26552 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26551 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26550 (Cross-Site Request Forgery (CSRF) vulnerability in Kunal
Shivale Globa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26549 (Cross-Site Request Forgery (CSRF) vulnerability in pa1 WP Html
Page Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26547 (Cross-Site Request Forgery (CSRF) vulnerability in
nagarjunsonti My Lo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26545 (Cross-Site Request Forgery (CSRF) vulnerability in shisuh
Related Post ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26543 (Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj
Suthar Simp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26539 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26538 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26511 (Systems running the Instaclustr fork of Stratio's
Cassandra-Lucene-In ...)
- TODO: check
+ NOT-FOR-US: Instaclustr
CVE-2025-25901 (A buffer overflow vulnerability was discovered in TP-Link
TL-WR841ND V ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-25900 (A buffer overflow vulnerability was discovered in TP-Link
TL-WR841ND V ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-25899 (A buffer overflow vulnerability was discovered in TP-Link
TL-WR841ND V ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-25898 (A buffer overflow vulnerability was discovered in TP-Link
TL-WR841ND V ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-25897 (A buffer overflow vulnerability was discovered in TP-Link
TL-WR841ND V ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-25389 (A SQL Injection vulnerability was found in
/admin/forgot-password.php ...)
- TODO: check
+ NOT-FOR-US: Phpgurukul Land Record System
CVE-2025-25388 (A SQL Injection vulnerability was found in
/admin/edit-propertytype.ph ...)
- TODO: check
+ NOT-FOR-US: Phpgurukul Land Record System
CVE-2025-25387 (A SQL Injection vulnerability was found in
/admin/manage-propertytype. ...)
- TODO: check
+ NOT-FOR-US: Phpgurukul Land Record System
CVE-2025-25357 (A SQL Injection vulnerability was found in
/admin/contactus.php in PHP ...)
- TODO: check
+ NOT-FOR-US: Phpgurukul Land Record System
CVE-2025-25356 (A SQL Injection vulnerability was found in
/admin/bwdates-reports-deta ...)
- TODO: check
+ NOT-FOR-US: Phpgurukul Land Record System
CVE-2025-25355 (A SQL Injection vulnerability was found in
/admin/bwdates-reports-deta ...)
- TODO: check
+ NOT-FOR-US: Phpgurukul Land Record System
CVE-2025-25354 (A SQL Injection was found in /admin/admin-profile.php in
PHPGurukul La ...)
- TODO: check
+ NOT-FOR-US: Phpgurukul Land Record System
CVE-2025-25352 (A SQL Injection vulnerability was found in /admin/aboutus.php
in PHPGu ...)
- TODO: check
+ NOT-FOR-US: Phpgurukul Land Record System
CVE-2025-25287 (Lakeus is a simple skin made for MediaWiki. Starting in
version 1.8.0 ...)
- TODO: check
+ NOT-FOR-US: Lakeus MediaWiki skin
CVE-2025-24904 (libsignal-service-rs is a Rust version of the
libsignal-service-java l ...)
- TODO: check
+ NOT-FOR-US: libsignal-service-rs
CVE-2025-24903 (libsignal-service-rs is a Rust version of the
libsignal-service-java l ...)
- TODO: check
+ NOT-FOR-US: libsignal-service-rs
CVE-2025-24889 (The SecureDrop Client is a desktop application for journalists
to comm ...)
- TODO: check
+ NOT-FOR-US: SecureDrop Client
CVE-2025-24888 (The SecureDrop Client is a desktop application for journalists
to comm ...)
- TODO: check
+ NOT-FOR-US: SecureDrop Client
CVE-2025-22480 (Dell SupportAssist OS Recovery versions prior to 5.5.13.1
contain a sy ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2025-1271 (Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web.
This secu ...)
- TODO: check
+ NOT-FOR-US: Anapi Group's h6web
CVE-2025-1270 (Insecure direct object reference (IDOR) vulnerability in Anapi
Group's ...)
- TODO: check
+ NOT-FOR-US: Anapi Group's h6web
CVE-2025-1127 (The vulnerability can be leveraged by an attacker to execute
arbitrary ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2025-0426 (A security issue was discovered in Kubernetes where a large
number of ...)
TODO: check
CVE-2024-13867 (The Listivo - Classified Ads WordPress Theme theme for
WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-13639 (The Read More & Accordion plugin for WordPress is vulnerable
to unauth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13606 (The JS Help Desk \u2013 The Ultimate Help Desk & Support
Plugin plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13182 (The WP Directorybox Manager plugin for WordPress is vulnerable
to Auth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12013 (A CWE-1392 \u201cUse of Default Credentials\u201d was
discovered affec ...)
- TODO: check
+ NOT-FOR-US: 30.8005 TCP/IP Gateway
CVE-2024-12012 (A CWE-598 \u201cUse of GET Request Method with Sensitive Query
Strings ...)
- TODO: check
+ NOT-FOR-US: 130.8005 TCP/IP Gateway
CVE-2024-12011 (A CWE-126 \u201cBuffer Over-read\u201d was discovered
affecting the 13 ...)
- TODO: check
+ NOT-FOR-US: 130.8005 TCP/IP Gateway
CVE-2024-11347 (Integer Overflow or Wraparound vulnerability in Lexmark
International ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2024-11346 (: Access of Resource Using Incompatible Type ('Type
Confusion') vulner ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2024-11345 (A heap-based memory vulnerability has been identified in the
Postscrip ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2024-11344 (A type confusion vulnerability has been identified in the
Postscript i ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2025-1094 (Improper neutralization of quoting syntax in PostgreSQL libpq
function ...)
{DLA-4052-1}
- postgresql-17 17.3-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28e8502f96337baa0514eafb1409640abc2e0c8b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28e8502f96337baa0514eafb1409640abc2e0c8b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
